CVE-2006-3459
tiff - several vulnerabilities
EPSS 68.7%
Description
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
How to fix CVE-2006-3459
To remediate CVE-2006-3459, upgrade the affected package to a fixed version below.
- Debian/tiff—upgrade to 3.8.2-6 or later
- Debian/tiff—upgrade to 3.7.2-7 or later
Is CVE-2006-3459 being exploited?
Likely — EPSS is 68.7%, placing CVE-2006-3459 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 3.8.2-6
- from 0, < 3.7.2-7